OSSH华为Portal调试笔记(4)

including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/counter

including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/echo

including configuration file /usr/local/etc/raddb/modules/opendirectory including configuration file /usr/local/etc/raddb/modules/perl

including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/rediswho including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/soh

including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/

including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default

including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel

11. Bingo 用户登录成功

中间会经历大量失败，九死一生请参考附录中的参考。

12. 关键点汇总

? 添加用户： vi /usr/local/etc/raddb/users

steve Cleartext-Password := \\

Service-Type = Framed-User, Framed-Protocol = PPP,

Framed-IP-Address = 192.168.10.5, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Framed-Filter-Id = \ Framed-MTU = 1500,

Framed-Compression = Van-Jacobsen-TCP-IP

? 修改radius client： vi /usr/local/etc/raddb/clients.conf

client localhost {

# Allowed values are:

# dotted quad (1.2.3.4)

# hostname (radius.example.com)

ipaddr = 192.168.20.30 [127.0.0.1要改成此服务器ip]

# OR, you can use an IPv6 address, but not both # at the same time.

?? ??

secret = testing123 [ 密码，默认可以不改，跟交换机radius key一致 ]

client 192.168.10.5/24 {

secret = testing123 shortname = private-network-1 }

一定要把20.1网段加入否则不通

client 192.168.20.1/24 {

secret = testing123 shortname = private-network-1 }

/etc/init.d/rc.radiusd restart

? Radius 服务器： vi /usr/local/etc/raddb/radiusd.conf

重启： /etc/init.d/rc.radiusd restart

? radtest steve testing 127.0.0.1 0 testing123

radtest steve testing 192.168.20.30 0 testing123

[root@ossh ~]# radtest steve testing 192.168.20.30 0 testing123 radclient:: Failed to find IP address for ossh radclient: Nothing to send.

采用修改/etc/hosts， 增加127.0.0.1 ossh解决host名字（ossh）找不到问题

修改clients.conf里面的localhost为自己的20.30解决ignore问题

/etc/init.d/rc.radiusd restart

? service nginx start ? 用户测试：

[root@ossh ~]# echo \ 192.168.20.30:1812 auth testing123 Sending Access-Request of id 167 to 192.168.20.30 port 1812 User-Name = \ User-Password = \

rad_recv: Access-Accept packet from host 192.168.20.30 port 1812, id=167, length=32 Service-Type = Framed-User Framed-Protocol = PPP [root@ossh ~]#

echo \ 192.168.20.30:1812 auth testing123 echo \ 192.168.20.30:1812 auth testing123

http://hi.http://www.wodefanwen.com//michael7768/item/aae1c733f11333483075a196 在freeradius 所在的服务器中增加client信息 修改client.conf，增加： client 125.216.243.40/24 {

secret = 123456 //这个是与client共享的密钥，

shorname = client1 //这个可有可无，只是为了与freeradius 1相兼容 }

http://my.oschina.net/zhangdapeng89/blog/49975

4. 新打开一个SSH终端，测试服务器是否连通：

radtest testing password 127.0.0.1 0 testing123

如果看到Access-Accept就说明连接成功了。如果看到类似“Ignoring request to authentication address * port 1812 from unknownclient”的文字，可能需要去修改/etc/raddb/clients.conf，将client localhost段下的ipaddr改为服务器的IP，而不是127.0.0.1。 里临时加上去的第一行删除。 测试连接成功后，我们可以把users

13. 切换到mysql

以上操作采用了文件存储用户，添加用户需要每次都要重启radius，下面用数据库方式进行修改存储用户信息。

? 操作系统 : Centos5.5 X86_64

Radius: Freeradius-1.1.8 ----OSSH 采用2.0版本

? 安装MysqL

# yum install mysql （网络安装，一路选择y） # yum install mysql-devel # yum install mysql-server

? 安装OpenSSL (OSSH ISO已经安装) # yum install openssl

# yum install openssl097a.i386 # yum install openssl097a

? 安装FreeRadius (OSSH ISO已经安装)

# tar -zxvf freeradius-1.1.8.tar.gz # cd freeradius-1.1.8 # ./configure

# yum -y install libtool-ltdl-devel # make # make install

? 配置FreeRadius

# cd /usr/local/etc/raddb/

# vi radiusd.conf //将authorize和accounting中的sql#去掉 -----新版本不比修改此字段 authorize { preprocess chap mschap suffix sql }

accounting { …. sql … }

? 配置sql

# vi sql.conf ( vi /usr/local/etc/raddb/sql.conf )

server=\login=\

password=\的root的密码 radius_db=\

# vi users //注释掉下两行-----实测不必修改，且找不到Fall-Through #DEFAULT Auth-Type = System # Fall-Through = 1

? Mysql配置 启动Mysql

…… 此处隐藏：3109字，全部文档内容请下载后查看。喜欢就下载吧 ……